CVE-2024-24822

Опубликовано: 07 фев. 2024

Источник: nvd

CVSS3: 6.5

CVSS3: 9.1

EPSS Низкий

Описание

Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. Prior to version 1.3.3, an attacker can create, delete etc. tags without having the permission to do so. A fix is available in version 1.3.3. As a workaround, one may apply the patch manually.

Ссылки

https://github.com/pimcore/admin-ui-classic-bundle/commit/24660b6d5ad9cbcb037a48d4309a6024e9adf251
Patch
https://github.com/pimcore/admin-ui-classic-bundle/pull/412
Patch
https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-3rfr-mpfj-2jwq
Vendor Advisory
https://github.com/pimcore/admin-ui-classic-bundle/commit/24660b6d5ad9cbcb037a48d4309a6024e9adf251
Patch
https://github.com/pimcore/admin-ui-classic-bundle/pull/412
Patch
https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-3rfr-mpfj-2jwq
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:pimcore:admin_classic_bundle:*:*:*:*:*:pimcore:*:*

Версия до 1.3.3 (исключая)

EPSS

Процентиль: 0%

0.00003

Низкий

6.5 Medium

CVSS3

9.1 Critical

CVSS3

Дефекты

CWE-862

Связанные уязвимости

GHSA-3rfr-mpfj-2jwq

CVSS3: 6.5

github

почти 2 года назад

Pimcore Admin Classic Bundle permissions are not getting checked when working with tags

EPSS

Процентиль: 0%

0.00003

Низкий

6.5 Medium

CVSS3

9.1 Critical

CVSS3

Дефекты

CWE-862